-1

I try to install a proxy server on my network, using squid. My network architecture is something like this: ISP <- server 1 - or router - (with static IP and CoovaChilli on it) <- LAN.

At first, I would like to install my squid on a different machine than server 1. My question is: Do I need to put my proxy server between server 1 and LAN, like here:

ISP <- server 1 - or router - (with static IP and CoovaChilli on it) <- proxy server 2 <- LAN,

or is ok to put server 2 in LAN?

Thanks in advance!

artaxerxe
  • 541
  • 2
  • 10
  • 22

1 Answers1

2

Yes, it's OK, but you'll have to setup properly the routes on your router/server 1, so that all outgoing traffic is blocked, except for traffic coming from your proxy server.

That way, your users will have to go through the proxy to leave your LAN and access the Internet.

If you don't do that, your users will be able to access the wide wild web without traversing the proxy by simply disabling their proxy settings.

Also, don't forget to properly route/block incoming traffic, but you most likely already know that.

Another way to go at it is to put your router and LAN in two separate nets, and have the proxy server direct all requests to your router :

ISP <- Router/SRV 1 in Subnet 1 <-> proxy (2 interfaces, Subnet 1 and Subnet 2) <-> LAN in Subnet2

T. Fabre
  • 220
  • 2
  • 13